Georgi Guninski Retires

Georgi Guninski sent an email to Full Disclosure today, claiming that he will be retiring from the public security scene. Pre-meditating the question of why, he writes, if one needs to ask for a reason: got old, got somewhat tired. Georgi has made excellent contributions to the security community for some time now. He has […]

Hacking HomePlug Networks

I dont know whether HomePlug networks are growing in use or not, but the following statements caught my attention: Officials at Intellon, the chip maker that developed the HomePlug spec, say that hacking into a HomePlug network would require cracking the governments DES encryption standard. – link My favourite: HomePlug specification products also protect data […]

AVs prove less-effective

Last year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the following: A tool to aid penetration testers and web developers with security testing document management applications. Recently I made a pre-v2 release of the tool, which has received even more feedback then the previous version and the […]

Getting Certified (Part II): Security Certs

Well what about security certifications? There are useful guides to certifications at about.com and dmiessler.com. Arguably, the better internationally known certifications listed are CISSP and SCNP. One recent addition into this arena is the Certified Ethical Hacker (CEH). Their course outline provides a very good background on what you should know as a security tester. […]

Web Backdoor Compilation

Web Backdoor Compilation (wbc) DK (http://michaeldaw.org) Changelog Date Change 24 Apr 07 Anti-Virus Capabilities (Work done by Dancho Danchev) 14 Apr 07 Version 1b (pre 1.2 release): perlcmd.cgi, cfexec.cfm, cmdasp.aspx Dec/06 Version 1 release. I have collected some WEB backdoors in the past to exploit vulnerable file upload facilities and others. I think a library […]